ShimUtils: Rename ShimToCert as ShimUtils; add new tools:

 - shim-make.tool
 - sbat-info.tool
 - unsign-efi-sig-list.tool
and update shim-to-cert.tool

Changelog.md

@@ -6,6 +6,7 @@ OpenCore Changelog
 - Fixed hang while unloading NTFS driver
 - Added UEFI quirk `ShimRetainProtocol`, allowing OpenCore chained from shim to verify Linux using shim's certificates
 - Added `OpenLegacyBoot` driver for supporting legacy OS booting
+- Added `shim-make.tool` to download and build rhboot/shim, for Linux SBAT and MOK integration
 
 #### v0.9.4
 - Fixed kext blocker `Exclude` strategy for prelinked on 32-bit versions of macOS

Docs/Configuration.md5

@@ -1 +1 @@
-f1400845646bce4ad26b4792e1bab0c1
+7f166539f9fd5dc103e8e05ebb5b5524

Docs/Configuration.tex

@@ -1684,7 +1684,7 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
   such as \texttt{DevirtualiseMmio}, \texttt{ProtectMemoryRegions}, or \texttt{RebuildAppleMemoryMap},
   and may also obstruct other quirks depending on the scope of such.
 
-  GRUB shim makes similar on-the-fly changes to various UEFI image services,
+  GRUB Shim makes similar on-the-fly changes to various UEFI image services,
   which are also protected against by this quirk.
 
   \emph{Note 1}: On VMware, the need for this quirk may be determined by the appearance of the
@@ -6814,9 +6814,9 @@ \subsection{OpenLinuxBoot}\label{uefilinux}
   as distro boots successfully.
 \end{itemize}
 
-If using OpenLinuxBoot with Secure Boot, users may wish to use the \texttt{shim-to-cert.tool} included in OpenCore
-utilities, which can be used to extract the public key needed to boot a distro's kernels directly, as done when using OpenCore
-with OpenLinuxBoot, rather than via GRUB shim. For non-GRUB distros, the required public key must be found by user research.
+If using OpenLinuxBoot with Secure Boot, users may wish to install
+a user built, user signed Shim bootloader giving SBAT and MOK integration, as explained in
+\href{https://github.com/acidanthera/OpenCorePkg/tree/master/Utilities/ShimUtils}{OpenCore ShimUtils}.
 
 \subsubsection{Configuration}
 
@@ -8929,10 +8929,10 @@ \subsection{Quirks Properties}\label{uefiquirkprops}
   \texttt{ShimRetainProtocol}\\
   \textbf{Type}: \texttt{plist\ boolean}\\
   \textbf{Failsafe}: \texttt{false}\\
-  \textbf{Description}: Request Linux shim to keep protocol installed for subsequent image loads.
+  \textbf{Description}: Request Linux Shim to keep protocol installed for subsequent image loads.
 
-  This option is only required if chaining OpenCore from shim. It must be set in order to allow
-  OpenCore to launch items which are verified by certificates present in shim, but not in the
+  This option is only required if chaining OpenCore from Shim. It must be set in order to allow
+  OpenCore to launch items which are verified by certificates present in Shim, but not in the
   system Secure Boot database.
 
 \item
@@ -9272,15 +9272,15 @@ \subsection{UEFI Secure Boot}\label{uefisecureboot}
   the same private key.
 \item Sign all third-party operating system (not made by Microsoft or Apple)
   bootloaders if needed. For Linux there is an option to install
-  Microsoft-signed Shim bootloader as explained on e.g.
-  \href{https://wiki.debian.org/SecureBoot}{Debian Wiki}.
+  a user built, user signed Shim bootloader giving SBAT and MOK integration, as explained in
+  \href{https://github.com/acidanthera/OpenCorePkg/tree/master/Utilities/ShimUtils}{OpenCore ShimUtils}.
 \item Enable UEFI Secure Boot in firmware preferences and install the
   certificate with a private key. Details on how to generate a certificate
   can be found in various articles, such as \href{https://habr.com/en/post/273497}{this one},
   and are out of the scope of this document. If Windows is needed one
   will also need to add the
   \href{http://go.microsoft.com/fwlink/?LinkID=321192}{Microsoft Windows Production CA 2011}.
-  To launch option ROMs or to use signed Linux drivers,
+  To launch option ROMs or to use signed Linux drivers if not using a user build of Shim,
   \href{http://go.microsoft.com/fwlink/?LinkId=321194}{Microsoft UEFI Driver Signing CA} will also be needed.
 \item Password-protect changing firmware settings to ensure that UEFI Secure Boot
   cannot be disabled without the user's knowledge.

Docs/Differences/Differences.tex

@@ -1,7 +1,7 @@
 \documentclass[]{article}
 %DIF LATEXDIFF DIFFERENCE FILE
-%DIF DEL PreviousConfiguration.tex   Wed Aug 23 09:25:38 2023
-%DIF ADD ../Configuration.tex        Thu Sep  7 19:58:34 2023
+%DIF DEL PreviousConfiguration.tex   Sun Aug 13 19:03:22 2023
+%DIF ADD ../Configuration.tex        Sun Sep 10 19:20:43 2023
 
 \usepackage{lmodern}
 \usepackage{amssymb,amsmath}
@@ -1744,7 +1744,7 @@ \subsection{Quirks Properties}\label{booterpropsquirks}
   such as \texttt{DevirtualiseMmio}, \texttt{ProtectMemoryRegions}, or \texttt{RebuildAppleMemoryMap},
   and may also obstruct other quirks depending on the scope of such.
 
-  GRUB shim makes similar on-the-fly changes to various UEFI image services,
+  GRUB \DIFdelbegin \DIFdel{shim }\DIFdelend \DIFaddbegin \DIFadd{Shim }\DIFaddend makes similar on-the-fly changes to various UEFI image services,
   which are also protected against by this quirk.
 
   \emph{Note 1}: On VMware, the need for this quirk may be determined by the appearance of the
@@ -6878,9 +6878,15 @@ \subsubsection{\DIFadd{Configuration}}
   as distro boots successfully.
 \end{itemize}
 
-If using OpenLinuxBoot with Secure Boot, users may wish to use the \texttt{shim-to-cert.tool} included in OpenCore
+If using OpenLinuxBoot with Secure Boot, users may wish to \DIFdelbegin \DIFdel{use the }\texttt{\DIFdel{shim-to-cert.tool}} %DIFAUXCMD
+\DIFdel{included in OpenCore
 utilities, which can be used to extract the public key needed to boot a distro's kernels directly, as done when using OpenCore
-with OpenLinuxBoot, rather than via GRUB shim. For non-GRUB distros, the required public key must be found by user research.
+with OpenLinuxBoot, rather than via GRUB shim.
+For non-GRUB distros, the required public key must be found by user research.
+}\DIFdelend \DIFaddbegin \DIFadd{install
+a user built, user signed Shim bootloader giving SBAT and MOK integration, as explained in
+}\href{https://github.com/acidanthera/OpenCorePkg/tree/master/Utilities/ShimUtils}{\DIFadd{OpenCore ShimUtils}}\DIFadd{.
+}\DIFaddend 
 
 \subsubsection{Configuration}
 
@@ -8993,11 +8999,11 @@ \subsection{Quirks Properties}\label{uefiquirkprops}
   \DIFaddbegin \texttt{\DIFadd{ShimRetainProtocol}}\\
   \textbf{\DIFadd{Type}}\DIFadd{: }\texttt{\DIFadd{plist\ boolean}}\\
   \textbf{\DIFadd{Failsafe}}\DIFadd{: }\texttt{\DIFadd{false}}\\
-  \textbf{\DIFadd{Description}}\DIFadd{: Request Linux shim to keep protocol installed for subsequent image loads.
+  \textbf{\DIFadd{Description}}\DIFadd{: Request Linux Shim to keep protocol installed for subsequent image loads.
 }
 
-  \DIFadd{This option is only required if chaining OpenCore from shim. It must be set in order to allow
-  OpenCore to launch items which are verified by certificates present in shim, but not in the
+  \DIFadd{This option is only required if chaining OpenCore from Shim. It must be set in order to allow
+  OpenCore to launch items which are verified by certificates present in Shim, but not in the
   system Secure Boot database.
 }
 
@@ -9338,15 +9344,17 @@ \subsection{UEFI Secure Boot}\label{uefisecureboot}
   the same private key.
 \item Sign all third-party operating system (not made by Microsoft or Apple)
   bootloaders if needed. For Linux there is an option to install
-  Microsoft-signed Shim bootloader as explained on e.g.
-  \href{https://wiki.debian.org/SecureBoot}{Debian Wiki}.
+  \DIFdelbegin \DIFdel{Microsoft-signed Shim bootloader as explained on e.g.
+  }%DIFDELCMD < \href{https://wiki.debian.org/SecureBoot}{%%%
+\DIFdel{Debian Wiki}\DIFdelend \DIFaddbegin \DIFadd{a user built, user signed Shim bootloader giving SBAT and MOK integration, as explained in
+  }\href{https://github.com/acidanthera/OpenCorePkg/tree/master/Utilities/ShimUtils}{\DIFadd{OpenCore ShimUtils}\DIFaddend }.
 \item Enable UEFI Secure Boot in firmware preferences and install the
   certificate with a private key. Details on how to generate a certificate
   can be found in various articles, such as \href{https://habr.com/en/post/273497}{this one},
   and are out of the scope of this document. If Windows is needed one
   will also need to add the
   \href{http://go.microsoft.com/fwlink/?LinkID=321192}{Microsoft Windows Production CA 2011}.
-  To launch option ROMs or to use signed Linux drivers,
+  To launch option ROMs or to use signed Linux drivers \DIFaddbegin \DIFadd{if not using a user build of Shim}\DIFaddend ,
   \href{http://go.microsoft.com/fwlink/?LinkId=321194}{Microsoft UEFI Driver Signing CA} will also be needed.
 \item Password-protect changing firmware settings to ensure that UEFI Secure Boot
   cannot be disabled without the user's knowledge.

Utilities/ShimUtils/README.md

@@ -0,0 +1,107 @@
+## OpenCore + OpenLinuxBoot + Secure Boot
+
+If you want to use OpenCore + OpenLinuxBoot + Secure Boot it is possible to sign everything
+manually yourself, including any new Linux kernels after updates. This is possible since most
+standard distros leave at least the previous kernel bootable (and OpenLinuxBoot exposes
+this, via the Auxiliary menu), so you can boot into the old kernel, then sign the new
+kernel yourself.
+
+More convenient may be to trust the signing keys of the specific distros which you
+want to boot, which are bundled into the `shimx64.efi` file installed with each distro.
+You can extract these with `shim-to-cert.tool` distributed with OpenCore, then install
+them in your system Secure Boot `db` variable. Best practice would be to install the deny
+list (`vendor.dbx`) from `shimx64.efi`, if any, into your system `dbx` variable, as well.
+(Otherwise you are ignoring any revocations which the vendor has made.)
+
+Recently, Shim has added SBAT support, as a more efficient way to revoke unsafe
+binaries. Unfortunately, the SBAT enforcement code is part of Shim, and is not
+something you can extract and add to your system Secure Boot database.
+
+To work round this, the new recommended way to boot OpenCore + OpenLinuxBoot +
+Secure Boot is to make a user build of Shim. The vendor certificates
+and revocation lists extracted from the distro `shimx64.efi` files are combined
+and signed by you, into your own build of Shim; in this approach, these vendor
+certificates should NOT also be included in the system Secure Boot database,
+and should be removed if you added them previously. Including them in both places
+will still boot under Secure Boot, but will effectively disable SBAT revocation.
+
+> If you are signing everything yourself, including Linux kernels after updates, that
+will still work as before and the below is not needed. Equally, if you are not
+using Secure Boot the below is not needed.
+
+The advantages of using a user build of Shim are:
+ - No need to sign every kernel after updates (same as previous method)
+ - Linux SBAT integration (new)
+ - Linux MOK integration (new)
+ - No need to include the Windows intermediate CA - you are trusting whichever distro
+   keys you choose to include in your own Shim, directly (new)
+
+Disadvantages are:
+ - Need to update when distro keys or distro revocation lists within Shim are updated
+   (same as previous method)
+ - Need to udpate when Shim SBAT level is updated (new)
+
+### Method
+`Utilities/ShimUtils` includes a script `shim-make.tool` which will download the
+current Shim source and build it for you, on macOS (using Ubuntu multipass) or on
+Linux (Ubuntu and Fedora supported, others may work).
+
+ - Extract `vendor.db` and `vendor.dbx` files from the `shimx64.efi` file of each distro
+   which you want to load (using `shim-to-cert.tool`)
+   - For non-GRUB distros, the required public keys for this process cannot be extracted
+     from `shimx64.efi` and so must be found by additional user research
+ - Concatentate these (e.g. `cat fedora/vendor.db ubuntu/vendor.db > combined/vendor.db`
+   and `cat fedora/vendor.dbx ubuntu/vendor.dbx > combined/vendor.dbx`)
+   - Do not concatenate `.der` files directly, it will not work
+   - If you have a single distro with a single `.der` file, you can use `VENDOR_CERT_FILE`
+   instead of `VENDOR_DB_FILE` in the `make` options below; otherwise, you will need to use
+   `cert-to-efi-sig-list` from `efitools` to convert the `.der` file to a sig list - this
+   is done automatically by `shim-to-cert.tool` when `efitools` are available (in
+   Linux; or from within Ubuntu multipass on macOS, e.g. `multipass shell oc-shim`)
+ - Build a version of Shim which includes these concatenated signature lists (and
+   launches OpenCore.efi directly):
+   - `./shim-make.tool setup`
+   - `./shim-make.tool clean` (only needed if remaking after the initial make)
+   - `./shim-make.tool make VENDOR_DB_FILE={full-path-to}/vendor.db VENDOR_DBX_FILE={full-path-to}/vendor.dbx`
+     - On macOS, the paths to these files must either be within the multipass VM, or
+       within a subdirectory visible to macOS and the VM on the same path, such as
+       `/Users/{username}/shim_root` when using `shim-make.tool` default settings
+ - Copy the relevant files (`shimx64.efi` and `mmx64.efi` as well as `BOOTX64.CSV`) to your mounted ESP volume, e.g.:
+   - `./shim-make.tool install /Volumes/EFI` (macOS)
+   - `sudo ./shim-make.tool install /boot/efi` (Linux)
+ - Sign the newly built `shimx64.efi` and `mmx64.efi` with your own ISK (see e.g.
+   https://habr.com/en/articles/273497/ - Google translate is your friend)
+   - If you do not copy and sign `mmx64.efi` as well as `shimx64.efi`, your system will hang if any MOK operations are attempted
+   - `BOOTX64.CSV` is not required and is for information only
+
+As before you need to sign `OpenCore.efi` and any drivers it loads with your ISK.
+You now also need to add an empty SBAT section to `OpenCore.efi` before signing it.
+
+> An empty SBAT section means: 'I'm not part of the system which allocates SBAT names
+and signs them into boot files, and I don't want this boot file to be revoked by any
+future SBAT revocations'. Of course, you can still revoke boot files you signed yourself
+by rotating your own signing keys.
+
+As noted [here](https://github.com/fwupd/fwupd/issues/2910) and
+[here](https://github.com/rhboot/shim/issues/376),
+the [documented](https://github.com/rhboot/shim/blob/main/SBAT.md) method for adding an
+SBAT section to an already-linked `.efi` file does not work correctly (GNU `objcopy`
+corrupts the executable). This
+[third party python script](https://github.com/rhboot/shim/issues/376#issuecomment-1628004034)
+does work. A suitable command is:
+
+`pe-add-sections.py -s .sbat <(echo -n) -z .sbat -i OpenCore.efi -o OpenCore_empty_sbat.efi`
+
+This file then needs to be signed and copied back into place, e.g.:
+
+`sbsign --key {path-to}/ISK.key --cert {path-to}/ISK.pem OpenCore_empty_sbat.efi --output OpenCore.efi`
+
+Finally, in order for OpenCore integration with Shim to work correctly
+`UEFI/Quirks/ShimRetainProtocol` must be enabled in `config.plist`, and
+`LauncherPath` should be set to `\EFI\OC\shimx64.efi`.
+
+> Using Ubuntu multipass, it is now possible to operate entirely within macOS for signing,
+key generation, etc. Note that the `~/shim_root` directory is already shared between
+macOS and the `oc-shim` multipass VM (under its macOS path, e.g. `/Users/username/shim_root`),
+and other macOS folders and volumes can be mounted if you wish, e.g.
+`multipass mount /Volumes/EFI oc-shim:/Volumes/EFI`.